Zone Transfer Still working after disabled? RRS feed

  • Question

  • My company has a one way trust with another company, in which Other companies domain (OC-Domain) trusts My Companies domain (MY-Domain). 

    OC-Domain --> MY-Domain. 

    When the trust was setup, I choose to create a stub zone on MY-Domain of OC-Domain. 

    To do this we needed to Allow Zone Transfers. It ended up not being an issue because OC-Domain already was allowing Zone Transfers to any server. (Not ideal Security Wise, but that was the case at the time of the trust configuration)

    The trust is still working, however I am documenting things now, and I went back to look at the settings, and I have discovered that in "OC-Domain" someone has unchecked "Allow Zone Transfers"

    I would expect that all subsequent zone transfers after being disabled should fail. However I have checked my DNS logs on "My-Domain" and see that incremental Zone transfers are still processing normally. 

    Date: 7/10/2019 9:25:16 AM
    Event ID: 6522
    A more recent version, version 397740 of zone [OC-Domain] was found at the DNS server at [IP Address}. Zone transfer is in progress. 

    Can anyone explain why incremental zone updates are still occurring? I mean, I am happy they are, I just don't understand why it's working or if this is a bug. 

    Wednesday, July 10, 2019 6:31 PM


  • Hi,

    I did a test on my DNS server and I ran into the same problem.

    Then I created a secondary zone and disabled zone transfer. As expected, the zone transfer failed.

    As a result, we come to a conclusion that zone transfer has no effect on the stub zone.

    Best regards,


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    • Marked as answer by Paul Arneson Thursday, July 11, 2019 5:56 PM
    Thursday, July 11, 2019 6:45 AM